shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-28 02:50:16 +03:00
Code

Merge pull request #13423 from pwithnall/12035-session-time-limits

Browse Source 
Add `RuntimeMaxSec=` support to scope units (time-limited login sessions)
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2019-10-28 14:57:00 +01:00 committed by GitHub
commit a5f6f346d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 135 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/TRANSIENT-SETTINGS.md
View File

@ -370,6 +370,7 @@ Scope units are fully supported as transient units (in fact they only exist as
such).
```
✓ RuntimeMaxSec=
✓ TimeoutStopSec=
```

7
man/pam_systemd.xml
View File

@ -263,6 +263,12 @@
<listitem><para>Sets unit <varname>IOWeight=</varname>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>systemd.runtime_max_sec</varname></term>
<listitem><para>Sets unit <varname>RuntimeMaxSec=</varname>.</para></listitem>
</varlistentry>
</variablelist>
<para>Example data as can be provided from an another PAM module:
@ -271,6 +277,7 @@ pam_set_data(handle, "systemd.memory_max", (void *)"200M", cleanup);
pam_set_data(handle, "systemd.tasks_max", (void *)"50", cleanup);
pam_set_data(handle, "systemd.cpu_weight", (void *)"100", cleanup);
pam_set_data(handle, "systemd.io_weight", (void *)"340", cleanup);
pam_set_data(handle, "systemd.runtime_max_sec", (void *)"3600", cleanup);
</programlisting>
</para>

25
man/systemd.scope.xml
View File

@ -77,6 +77,31 @@
</refsect2>
</refsect1>
<refsect1>
<title>Options</title>
<para>Scope files may include a <literal>[Scope]</literal>
section, which carries information about the scope and the
units it contains. A number of options that may be used in
this section are shared with other unit types. These options are
documented in
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
The options specific to the <literal>[Scope]</literal> section
of scope units are the following:</para>
<variablelist class='unit-directives'>
<varlistentry>
<term><varname>RuntimeMaxSec=</varname></term>
<listitem><para>Configures a maximum time for the scope to run. If this is used and the scope has been
active for longer than the specified time it is terminated and put into a failure state. Pass
<literal>infinity</literal> (the default) to configure no runtime limit.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>See Also</title>
<para>

13
src/core/dbus-scope.c
View File

@ -47,6 +47,7 @@ const sd_bus_vtable bus_scope_vtable[] = {
SD_BUS_PROPERTY("Controller", "s", NULL, offsetof(Scope, controller), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("TimeoutStopUSec", "t", bus_property_get_usec, offsetof(Scope, timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Scope, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("RuntimeMaxUSec", "t", bus_property_get_usec, offsetof(Scope, runtime_max_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_SIGNAL("RequestStop", NULL, 0),
SD_BUS_METHOD("Abandon", NULL, NULL, bus_scope_method_abandon, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_VTABLE_END
@ -59,6 +60,7 @@ static int bus_scope_set_transient_property(
UnitWriteFlags flags,
sd_bus_error *error) {
Unit *u = UNIT(s);
int r;
assert(s);
@ -68,7 +70,10 @@ static int bus_scope_set_transient_property(
flags |= UNIT_PRIVATE;
if (streq(name, "TimeoutStopUSec"))
return bus_set_transient_usec(UNIT(s), name, &s->timeout_stop_usec, message, flags, error);
return bus_set_transient_usec(u, name, &s->timeout_stop_usec, message, flags, error);
if (streq(name, "RuntimeMaxUSec"))
return bus_set_transient_usec(u, name, &s->runtime_max_usec, message, flags, error);
if (streq(name, "PIDs")) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
@ -101,12 +106,12 @@ static int bus_scope_set_transient_property(
} else
pid = (uid_t) upid;
r = unit_pid_attachable(UNIT(s), pid, error);
r = unit_pid_attachable(u, pid, error);
if (r < 0)
return r;
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
r = unit_watch_pid(UNIT(s), pid, false);
r = unit_watch_pid(u, pid, false);
if (r < 0 && r != -EEXIST)
return r;
}
@ -128,7 +133,7 @@ static int bus_scope_set_transient_property(
/* We can't support direct connections with this, as direct connections know no service or unique name
* concept, but the Controller field stores exactly that. */
if (sd_bus_message_get_bus(message) != UNIT(s)->manager->api_bus)
if (sd_bus_message_get_bus(message) != u->manager->api_bus)
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Sorry, Controller= logic only supported via the bus.");
r = sd_bus_message_read(message, "s", &controller);

1
src/core/load-fragment-gperf.gperf.m4
View File

@ -471,6 +471,7 @@ CGROUP_CONTEXT_CONFIG_ITEMS(Slice)m4_dnl
m4_dnl
CGROUP_CONTEXT_CONFIG_ITEMS(Scope)m4_dnl
KILL_CONTEXT_CONFIG_ITEMS(Scope)m4_dnl
Scope.RuntimeMaxSec, config_parse_sec, 0, offsetof(Scope, runtime_max_usec)
Scope.TimeoutStopSec, config_parse_sec, 0, offsetof(Scope, timeout_stop_usec)
m4_dnl The [Install] section is ignored here.
Install.Alias, NULL, 0, 0

41
src/core/scope.c
View File

@ -34,6 +34,7 @@ static void scope_init(Unit *u) {
assert(u);
assert(u->load_state == UNIT_STUB);
s->runtime_max_usec = USEC_INFINITY;
s->timeout_stop_usec = u->manager->default_timeout_stop_usec;
u->ignore_on_isolate = true;
}
@ -203,6 +204,23 @@ static int scope_load(Unit *u) {
return scope_verify(s);
}
static usec_t scope_coldplug_timeout(Scope *s) {
assert(s);
switch (s->deserialized_state) {
case SCOPE_RUNNING:
return usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec);
case SCOPE_STOP_SIGKILL:
case SCOPE_STOP_SIGTERM:
return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->timeout_stop_usec);
default:
return USEC_INFINITY;
}
}
static int scope_coldplug(Unit *u) {
Scope *s = SCOPE(u);
int r;
@ -213,11 +231,9 @@ static int scope_coldplug(Unit *u) {
if (s->deserialized_state == s->state)
return 0;
if (IN_SET(s->deserialized_state, SCOPE_STOP_SIGKILL, SCOPE_STOP_SIGTERM)) {
r = scope_arm_timer(s, usec_add(u->state_change_timestamp.monotonic, s->timeout_stop_usec));
if (r < 0)
return r;
}
r = scope_arm_timer(s, scope_coldplug_timeout(s));
if (r < 0)
return r;
if (!IN_SET(s->deserialized_state, SCOPE_DEAD, SCOPE_FAILED))
(void) unit_enqueue_rewatch_pids(u);
@ -230,15 +246,18 @@ static int scope_coldplug(Unit *u) {
static void scope_dump(Unit *u, FILE *f, const char *prefix) {
Scope *s = SCOPE(u);
char buf_runtime[FORMAT_TIMESPAN_MAX];
assert(s);
assert(f);
fprintf(f,
"%sScope State: %s\n"
"%sResult: %s\n",
"%sResult: %s\n"
"%sRuntimeMaxSec: %s\n",
prefix, scope_state_to_string(s->state),
prefix, scope_result_to_string(s->result));
prefix, scope_result_to_string(s->result),
prefix, format_timespan(buf_runtime, sizeof(buf_runtime), s->runtime_max_usec, USEC_PER_SEC));
cgroup_context_dump(UNIT(s), f, prefix);
kill_context_dump(&s->kill_context, f, prefix);
@ -351,6 +370,9 @@ static int scope_start(Unit *u) {
scope_set_state(s, SCOPE_RUNNING);
/* Set the maximum runtime timeout. */
scope_arm_timer(s, usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec));
/* Start watching the PIDs currently in the scope */
(void) unit_enqueue_rewatch_pids(u);
return 1;
@ -485,6 +507,11 @@ static int scope_dispatch_timer(sd_event_source *source, usec_t usec, void *user
switch (s->state) {
case SCOPE_RUNNING:
log_unit_warning(UNIT(s), "Scope reached runtime time limit. Stopping.");
scope_enter_signal(s, SCOPE_STOP_SIGTERM, SCOPE_FAILURE_TIMEOUT);
break;
case SCOPE_STOP_SIGTERM:
if (s->kill_context.send_sigkill) {
log_unit_warning(UNIT(s), "Stopping timed out. Killing.");

1
src/core/scope.h
View File

@ -24,6 +24,7 @@ struct Scope {
ScopeState state, deserialized_state;
ScopeResult result;
usec_t runtime_max_usec;
usec_t timeout_stop_usec;
char *controller;

32
src/login/pam_systemd.c
View File

@ -279,6 +279,27 @@ static int append_session_memory_max(pam_handle_t *handle, sd_bus_message *m, co
return 0;
}
static int append_session_runtime_max_sec(pam_handle_t *handle, sd_bus_message *m, const char *limit) {
usec_t val;
int r;
/* No need to parse "infinity" here, it will be set by default later in scope_init() */
if (isempty(limit) || streq(limit, "infinity"))
return 0;
r = parse_sec(limit, &val);
if (r >= 0) {
r = sd_bus_message_append(m, "(sv)", "RuntimeMaxUSec", "t", (uint64_t) val);
if (r < 0) {
pam_syslog(handle, LOG_ERR, "Failed to append to bus message: %s", strerror_safe(r));
return r;
}
} else
pam_syslog(handle, LOG_WARNING, "Failed to parse systemd.runtime_max_sec: %s, ignoring.", limit);
return 0;
}
static int append_session_tasks_max(pam_handle_t *handle, sd_bus_message *m, const char *limit) {
uint64_t val;
int r;
@ -412,7 +433,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
*seat = NULL,
*type = NULL, *class = NULL,
*class_pam = NULL, *type_pam = NULL, *cvtnr = NULL, *desktop = NULL, *desktop_pam = NULL,
*memory_max = NULL, *tasks_max = NULL, *cpu_weight = NULL, *io_weight = NULL;
*memory_max = NULL, *tasks_max = NULL, *cpu_weight = NULL, *io_weight = NULL, *runtime_max_sec = NULL;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
int session_fd = -1, existing, r;
bool debug = false, remote;
@ -545,6 +566,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
(void) pam_get_data(handle, "systemd.tasks_max", (const void **)&tasks_max);
(void) pam_get_data(handle, "systemd.cpu_weight", (const void **)&cpu_weight);
(void) pam_get_data(handle, "systemd.io_weight", (const void **)&io_weight);
(void) pam_get_data(handle, "systemd.runtime_max_sec", (const void **)&runtime_max_sec);
/* Talk to logind over the message bus */
@ -563,8 +585,8 @@ _public_ PAM_EXTERN int pam_sm_open_session(
strempty(seat), vtnr, strempty(tty), strempty(display),
yes_no(remote), strempty(remote_user), strempty(remote_host));
pam_syslog(handle, LOG_DEBUG, "Session limits: "
"memory_max=%s tasks_max=%s cpu_weight=%s io_weight=%s",
strna(memory_max), strna(tasks_max), strna(cpu_weight), strna(io_weight));
"memory_max=%s tasks_max=%s cpu_weight=%s io_weight=%s runtime_max_sec=%s",
strna(memory_max), strna(tasks_max), strna(cpu_weight), strna(io_weight), strna(runtime_max_sec));
}
r = sd_bus_message_new_method_call(
@ -608,6 +630,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
if (r < 0)
return PAM_SESSION_ERR;
r = append_session_runtime_max_sec(handle, m, runtime_max_sec);
if (r < 0)
return PAM_SESSION_ERR;
r = append_session_tasks_max(handle, m, tasks_max);
if (r < 0)
return PAM_SESSION_ERR;

20
src/shared/bus-unit-util.c
View File

@ -1381,6 +1381,18 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const
return 0;
}
static int bus_append_scope_property(sd_bus_message *m, const char *field, const char *eq) {
if (streq(field, "RuntimeMaxSec"))
return bus_append_parse_sec_rename(m, field, eq);
if (streq(field, "TimeoutStopSec"))
return bus_append_parse_sec_rename(m, field, eq);
return 0;
}
static int bus_append_service_property(sd_bus_message *m, const char *field, const char *eq) {
int r;
@ -1747,15 +1759,15 @@ int bus_append_unit_property_assignment(sd_bus_message *m, UnitType t, const cha
break;
case UNIT_SCOPE:
if (streq(field, "TimeoutStopSec"))
return bus_append_parse_sec_rename(m, field, eq);
r = bus_append_cgroup_property(m, field, eq);
if (r != 0)
return r;
r = bus_append_kill_property(m, field, eq);
if (r != 0)
return r;
r = bus_append_scope_property(m, field, eq);
if (r != 0)
return r;
break;

10
test/TEST-03-JOBS/test-jobs.sh
View File

@ -84,4 +84,14 @@ END_SEC=$(date -u '+%s')
ELAPSED=$(($END_SEC-$START_SEC))
[[ "$ELAPSED" -ge 5 ]] && [[ "$ELAPSED" -le 7 ]] || exit 1
# Test time-limited scopes
START_SEC=$(date -u '+%s')
set +e
systemd-run --scope --property=RuntimeMaxSec=3s sleep 10
RESULT=$?
END_SEC=$(date -u '+%s')
ELAPSED=$(($END_SEC-$START_SEC))
[[ "$ELAPSED" -ge 3 ]] && [[ "$ELAPSED" -le 5 ]] || exit 1
[[ "$RESULT" -ne 0 ]] || exit 1
touch /testok

2
test/fuzz/fuzz-unit-file/directives.scope Normal file
View File

@ -0,0 +1,2 @@
scope
RuntimeMaxSec=